Reversing : The Hacker's Guide to Reverse Engineering

Index 581

compatibility, 71
context switching, 85–86
critical sections, 87
directories, 83
dispatcher, 84
dynamically linked libraries (DLLs), 96–97
events, 86
exception handlers, 105–107
exceptions, 105–107
executable formats, 93–102
features, 70–71
handles, 81
history, 70
I/O system, 103–104
kernel memory, 74
kernel memory space, 75–77
kernel mode, 72–73
multiprocessor capability, 71
multithreaded, 71
mutexes, 87
object manager, 80–81
objects, 80–83
page faults, 73–74
paging, 73
portability, 71
process initialization sequence, 87–88
processes, 84
scheduler, 84
section objects, 77–78
security, 71
semaphores, 87
64-bit versions, 71–72
supported hardware, 71
synchronization objects, 86–87
system calling mechanism, 91–93
32-bit versions, 71–72
threads, 84–85
user memory, 74
user mode, 72–73
user-mode allocations, 78–79

VAD (Virtual Address Descriptor) tree, 78
virtual memory, 70, 72
Virtual Memory Manager, 79–80
Win32 subsystem, 104–105
working sets, 74
operation code (opcode), 11, 47
operators, 492–499
optimizers (compilers), 56–57
OR logical operator, 492, 494–498
ordering transformations, 346, 355
outlining, 353
overflow bugs
heap overflows, 255–256
integer overflows, 256–260
stack overflows, 245–255
string filters, 256
overflow flag (OF), 520–521

P
page faults, 73–74
page tables (virtual memory), 72
pagefile-backed section object, 78
pages (virtual memory), 72
paging, 73
parity flag (PF), 521
password verification process
“Bad Password” message, 207–210
hashing the password, 213–218
password transformation algorithm, 210–213
patching
Hex Workshop, 131–132
KeygenMe-3 crackme program, 358–363
patents, 20, 311, 318
PE (Portable Executable)
directories, 99–102
exports, 99
file alignment, 95
headers, 97–98
image sections, 95
